| ଶୀର୍ଷକ | ForUCMS XSS vulnerability |
|---|
| ବର୍ଣ୍ଣନା | Construction environment:
windows10
Phpstudy
5.3.29
Project download address: https://gitee.com/sw1981/ForU-CMS?_from=gitee_search
Vulnerability File Directory
C:\phpStudy\PHPTutorial\WWW\ForU-CMS-dev\admin\cms_chip.php
POST receives data transmitted by users
However, the process does not filter the xss attack payload input by the user
c_ name value
<img src="x" onerror="alert(/xss/);">
Reference link:https://github.com/whiex/c2Rhc2Rhc2Q-/blob/main/MjU1NTI1ODU4ODU%3D.docx |
|---|
| ଉତ୍ସ | ⚠️ https://github.com/whiex/c2Rhc2Rhc2Q-/blob/main/MjU1NTI1ODU4ODU%3D.docx |
|---|
| ଉପଭୋକ୍ତା | s7eyd7 (UID 30723) |
|---|
| ଦାଖଲ | 11/08/2022 03:53 AM (3 ବର୍ଷ ବର୍ଷ ago) |
|---|
| ମଧ୍ୟମ ଧରଣର | 11/11/2022 08:29 AM (3 days later) |
|---|
| ସ୍ଥିତି | ଗ୍ରହଣ କରାଯାଇଛି |
|---|
| VulDB ଏଣ୍ଟ୍ରି | 213450 [ForU CMS cms_chip.php ନାମ କ୍ରସ୍ ସାଇଟ୍ ସ୍କ୍ରିପ୍ଟିଂ] |
|---|
| ପଏଣ୍ଟ | 20 |
|---|